From 3cafd73a5467221e8ce61396bdb4f0caac8168eb Mon Sep 17 00:00:00 2001
From: Denis Knauf <^_^@denkn.at>
Date: Thu, 29 Mar 2018 21:44:11 +0200
Subject: [PATCH] init

---
 .gitignore           |  4 ++++
 00.root.ldif.sh      | 43 +++++++++++++++++++++++++++++++++++++++++++
 10.acls.ldif         | 12 ++++++++++++
 20.passwordhash.ldif |  6 ++++++
 90.user.ldif.sh      | 25 +++++++++++++++++++++++++
 README.md            |  7 +++++++
 6 files changed, 97 insertions(+)
 create mode 100644 .gitignore
 create mode 100755 00.root.ldif.sh
 create mode 100644 10.acls.ldif
 create mode 100644 20.passwordhash.ldif
 create mode 100755 90.user.ldif.sh
 create mode 100644 README.md

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4b7903e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*~
+.*.sw[op]
+
+basedn
diff --git a/00.root.ldif.sh b/00.root.ldif.sh
new file mode 100755
index 0000000..f0606c2
--- /dev/null
+++ b/00.root.ldif.sh
@@ -0,0 +1,43 @@
+#!/bin/sh -e
+
+basedn=$(cat basedn)
+_x=${basedn%%,*}
+dc=${_x#*=}
+en=${_x%%=*}
+if [ Xdc = "X$en" ]
+then
+	en=""
+else
+	en=`printf '\n%s' "$en: $dc"`
+fi
+pw=`pwgen 8 1`
+echo "# Password for cn=root,$basedn: $pw" >&2
+
+cat <<EOF
+dn: $basedn
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: ${dc}${en}
+structuralObjectClass: organization
+
+dn: cn=root,$basedn
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: root
+description: LDAP administrator
+userPassword:: `echo "$pw" | base64`
+structuralObjectClass: organizationalRole
+
+dn: ou=People,$basedn
+objectClass: top
+objectClass: organizationalUnit
+structuralObjectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,$basedn
+objectClass: top
+objectClass: organizationalUnit
+structuralObjectClass: organizationalUnit
+ou: Groups
+EOF
diff --git a/10.acls.ldif b/10.acls.ldif
new file mode 100644
index 0000000..5ec817e
--- /dev/null
+++ b/10.acls.ldif
@@ -0,0 +1,12 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange
+  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
+  by self write
+  by anonymous auth
+  by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to *
+  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
+  by * read
diff --git a/20.passwordhash.ldif b/20.passwordhash.ldif
new file mode 100644
index 0000000..4326290
--- /dev/null
+++ b/20.passwordhash.ldif
@@ -0,0 +1,6 @@
+dn: cn=config
+add: olcPasswordHash
+olcPasswordHash: {CRYPT}
+-
+add: olcPasswordCryptSaltFormat
+olcPasswordCryptSaltFormat: $5$rounds=8000$%.16s
diff --git a/90.user.ldif.sh b/90.user.ldif.sh
new file mode 100755
index 0000000..f733ac5
--- /dev/null
+++ b/90.user.ldif.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+if ! [ 4 -eq $# ]
+then
+	echo "Usage: $0 username givenname surname mailaddr" >&2
+	echo "random password will be printed.  Use ldappasswd for changing it" >&2
+	exit 1
+fi
+
+pw=`pwgen 8 1`
+echo "# Password: $pw" >&2
+
+cat <<EOF
+dn: cn=$1,ou=People,o=denkn,c=at
+objectClass: top
+objectClass: simpleSecurityObject
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: $1
+uid: $1
+givenName:: `echo "$2" | base64`
+sn:: `echo "$3" | base64`
+mail:: `echo "$4" | base64`
+userPassword:: `echo "$pw" | base64`
+EOF
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e6f6d2b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+Add your basedn to basedn (eg: `echo o=denkn,c=at > basedn`).
+For initialization, first shutdown slapd and delete `/var/lib/ldap/` (you will lost all your data!),
+then use `./90.root.ldif | slapadd -b `cat basedn` -v`.
+Now you can start slapd again.
+Via `ldapadd -Y external` you can add any other ldif.
+For adding user run `./90.user.ldif.sh | ldapadd -Y external`.
+